FBI Busts Alleged Skype 'Sextortionist'

Man is accused of extorting over 350 women into posing nude on Skype by threatening to post compromising photos of them to Facebook.

Who Is Hacking U.S. Banks? 8 Facts

(click image for larger view and for slideshow)

The FBI Tuesday announced the arrest of Karen "Gary" Kazaryan, a 27-year old man, for allegedly coercing female Internet users into posing topless via Skype. Investigators said they recovered 3,000 nude and semi-nude pictures from Kazaryan's PC and suspect him of victimizing over 350 women between 2009 and 2011.

An indictment unsealed Tuesday in U.S. District Court charges Kazaryan with 15 counts of computer intrusion and 15 counts of aggravated identity theft. If convicted on all counts, Kazaryan faces up to 105 years in jail.

"Using the accounts to which he had obtained unauthorized access, defendant Kazaryan would then, in the guise of the victims' online identities, contact friends or associates of the victims in order to fraudulently persuade, or extort, those individuals into removing their clothing so that defendant Kazaryan could view, and take pictures of, their naked or semi-naked bodies on their webcams," said the indictment. "Defendant Kazaryan would also use naked or semi-naked images of victims to further extort those and other victims to remove their clothing so that defendant Kazaryan could view, and take pictures of, their naked or semi-naked bodies."

The FBI said that it hasn't yet linked all of the nude and semi-nude images with people's actual identities. "Anyone who believes they may have been a victim in this case should contact the FBI's Los Angeles Field Office at (310) 477-6565," said a statement issued by the bureau.

A related search warrant, executed in 2011 and unsealed Tuesday, details Kazaryan's alleged working methods, which left some of his victims "fearful of using the Internet and computers." The search warrant was written by FBI special agent and cyber squad investigator Tanith Rogers, who has previously investigated numerous sextortion cases.

In one series of creepy extortion attacks described in the search warrant, Kazaryan contacted a female target ("A.M."), posing as her female friend ("L.A."), and inviting her to connect via a Skype account that "she" had just created. But after several minutes, the victim suspected that the person on Skype wasn't really L.A., and confirmed that fact by calling L.A. on the phone. A.M. told the unknown person to stop contacting her.

"While still logged into Skype, the unknown person told A.M. that he had damaging photo (sic) of her sister, D.M., and another friend, M.O. To prove that he had the photo, the unknown person changed his Skype profile photo to the pornographic photo of D.M. The photograph was sexually explicit and embarrassing to D.M. and M.O." and showed them both in a hot tub, naked from the waist up, according to the search warrant.

From there, the unknown person demanded that both A.M. and her sister D.M. pose naked for their webcam or he would post the embarrassing photo to their Facebook walls. He gave them 10 seconds. When they attempted to stall him, he logged into L.A.'s Facebook account and added the hot-tub photo to her Facebook wall. That led the two women to comply with the unknown person's demands, and briefly flash their breasts via a Skype video chat. When the unknown person said they hadn't posed long enough, the pair again posed for him via Skype.

After that episode, the unknown person removed the embarrassing photo from L.A.'s Facebook wall. Both of the victims, meanwhile, immediately closed down their Facebook and webmail accounts. But the unknown person continued to contact them and demand that they pose naked for new photos and threatened to post more embarrassing photos of them to Facebook unless they complied.

According to the FBI's search warrant, as a result of the sextortion campaign, "A.M. stated she is emotionally distraught and stated that D.M. said she felt as if she was raped."

Although Kazaryan allegedly amassed hundreds of victims, the search warrant suggests he was no hacking wunderkind and that he took few if any steps to try to cover his online tracks. Notably, access records for victims' hacked Facebook accounts, shared by Facebook with the FBI, showed that the same IP address had been used to access 176 different hacked Facebook accounts between Nov. 1, 2010 and Dec. 26, 2010 -- including the aforementioned victims.

According to the search warrant, in that timeframe, the same IP address used to hack into those pages was also the most-used IP address -- used 190 times, and nearly every day -- for accessing Kazaryan's Facebook page. According to Facebook personnel, the IP address also corresponded with Kazaryan's regularly used PC, and Kazaryan had never reported that his account had been hacked.

According to the search warrant, Kazaryan had been previously arrested, and as of Jan. 18, 2011, had a pending trial for a 2008 rape charge.

Offensive cybersecurity is a tempting prospect. It's also way too early to go there. Here's what to do instead. Also in the new, all-digital Nuclear Option issue of InformationWeek: Military agencies worldwide are figuring out the tactics and capabilities that will be critical in any future cyber war. (Free registration required.)

This sound like a whole new form of terror and crime that is a result of social media and being able to exploit people through their image. I understand with technology comes a whole slue of threats and attacks just waiting to be launched, but this is ridiculous, that a man with a previous rape record is able to conduct this sort of behavior and go unnoticed for so long and effect so many people. Clearly he did not care about getting caught or was to stupid to cover his tracks, either way glad this guy will be doing some pretty painful time.

How horrible. Amongst other issues at stake here, it's a reminder that all computer users definitely need to ramp up security - in addition to changing passwords regularly, everyone needs to explore other ways and products that can help boost security.

Published: 2015-03-03Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: 2015-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.